Bug 53485 - UCS@school roles for users should be set automatically depending on objectClass and groups
Status: NEW
Product: UCS@school
Classification: Unclassified
Component: Ucsschool-lib
UCS@school 4.4
Other Mac OS X 10.1
P5 normal
Assigned To: UCS@school maintainers
Reported: 2021-06-21 13:32 CEST by Ole Schwiegert
Modified: 2023-06-12 13:54 CEST

What kind of report is it?: Feature Request
School Customer affected?: Yes
Bug group (optional): Role and Access Model

Description Ole Schwiegert univentionstaff 2021-06-21 13:32:07 CEST
Currently it is not possible to set the ucsschool roles of any user in the UMC. That creates many complications and problems. If you create a SchoolAdmin from a Teacher, following the documentation, you get a faulty SchoolAdmin since the role is missing.

To counteract that, we could implement the following behavior in the ucsschool.lib:

If a user is created or modified, the ucsschool_roles are modified with the following rules:

- If the objectClass for Student/Teacher/Admin/Staff is set, the user gets the corresponding role for all schools he is in the corresponding group for.
- If the objectClass for Student/Teacher/Admin/Staff is unset, the user has all corresponding roles removed.

The same logic should be followed if corresponding groups are changed. But we cannot detect that when the user is changed via the UDM. And currently that is the only way to change the groups of a UCS@school user.
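
Added example, not part of the original report and not ucsschool.lib code: a sketch of the two rules above as a single reconciliation step that derives school roles from objectClass and group membership, so a stale or missing role cannot outlive the attributes it should follow. The objectClass names, group-name prefixes, the `<role>:school:<OU>` role format and the helper names `group_cn` and `reconcile_roles` are assumptions made for illustration.

```python
# Added illustration, not ucsschool.lib code. The objectClass names, group-name
# prefixes and "<role>:school:<OU>" role format below are assumptions.
ROLE_RULES = {
    "ucsschoolStudent": ("student", "schueler-"),
    "ucsschoolTeacher": ("teacher", "lehrer-"),
    "ucsschoolStaff": ("staff", "mitarbeiter-"),
    "ucsschoolAdministrator": ("school_admin", "admins-"),
}
MANAGED_ROLES = {role for role, _ in ROLE_RULES.values()}


def group_cn(dn):
    """Return the cn of a group DN (naive split; escaped commas are not handled)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return value.strip() if attr.strip().lower() == "cn" else ""


def reconcile_roles(object_classes, group_dns, current_roles):
    """Return the sorted role strings a user should carry after create/modify."""
    classes = {oc.lower() for oc in object_classes}
    cns = [group_cn(dn) for dn in group_dns]
    expected = set()
    for oc, (role, prefix) in ROLE_RULES.items():
        if oc.lower() not in classes:
            continue  # objectClass unset: every role of this type is dropped
        for cn in cns:
            school = cn[len(prefix):]
            if cn.lower().startswith(prefix) and school:
                expected.add(f"{role}:school:{school}")
    # Role strings outside the four managed school roles are left untouched.
    kept = set()
    for value in current_roles:
        parts = value.split(":")
        managed = len(parts) == 3 and parts[0] in MANAGED_ROLES and parts[1] == "school"
        if not managed:
            kept.add(value)
    return sorted(expected | kept)


if __name__ == "__main__":
    # Constructed sample: a teacher promoted to school admin without a role update.
    BASE = "dc=example,dc=org"
    groups = [f"cn=lehrer-school1,cn=groups,{BASE}", f"cn=admins-school1,cn=ouadmins,cn=groups,{BASE}"]
    print(reconcile_roles(["ucsschoolTeacher", "ucsschoolAdministrator"], groups,
                          ["teacher:school:school1"]))
```

Comparing the returned list with the stored role values on each create or modify also gives an audit check for accounts whose roles have drifted from their objectClass and groups.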